Taking over an admin account is the biggest security risk

The greatest security risk for enterprises is when a hacker breaks into an admin account, according to a new survey by CyberArk.

The survey, called CyberArk’s 9th Annual Global Advanced Threat Landscape Survey, was developed through interviews with 673 IT security and C-level executives and 61 per cent of them agreed - privileged account takeover is the most difficult stage of a cyberattack to mitigate. Last year, 44 per cent shared that opinion.

Almost half (48 per cent) believe hacks occur because of an employee’s poor security habits, while 29 per cent blame attacker sophistication which is, when you think of it, kind of the same thing.

If you have poor security habits, everything will look sophisticated, right?

Businesses are aware of the risk that a takeover of a privileged account brings, but they’re still focused on perimeter defences, a follow-up press release says.

“With more than half of respondents believing they could detect an attack within days, CyberArk warns that many IT and business leaders may not have a full picture of their IT security programmes. Looking beyond the tip of the iceberg with perimeter defences and phishing attacks – organisations must be able to protect against more devastating compromises happening inside the network, like Pass-the-Hash and Kerberos ‘Golden Ticket’ attacks.”

“It is no longer acceptable for organisations to presume they can keep attackers off their network,” said John Worrall, CMO, CyberArk. “The most damaging attacks occur when privileged and administrative credentials are stolen, giving the attacker the same level of access as the internal people managing the systems. This puts an organisation at the mercy of an attacker’s motivation – be it financial, espionage or causing harm to the business. The survey points to increasing awareness of the devastating fallout of privileged account takeover, which we hope will continue to spur a ripple effect in the market as organisations acknowledge they must expand security strategies beyond trying to stop perimeter attacks like phishing.”

Complete Global Advanced Threat Landscape Survey results can be downloaded for free on this link.